GVU Geldforderung - Computerhijacking Forderung nach Ukash zur Freischaltung 100 €

Arno_Berlin · 22.09.2012, 14:26

Hallo,
habe ein Trojaner abbekommen.Kann mir jemand weiterhelfen?

OTL logfile created on: 22.09.2012 15:07:44 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\shikha\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,31 Gb Available Physical Memory | 82,90% Memory free
8,17 Gb Paging File | 7,61 Gb Available in Paging File | 93,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 342,07 Gb Total Space | 249,68 Gb Free Space | 72,99% Space Free | Partition Type: NTFS
Drive D: | 341,92 Gb Total Space | 341,60 Gb Free Space | 99,91% Space Free | Partition Type: NTFS

Computer Name: SHIKHA-PC | User Name: shikha | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.09.22 15:07:33 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\shikha\Downloads\OTL (2).exe
PRC - [2009.09.17 14:29:04 | 000,645,328 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\mcafee.com\agent\mcagent.exe
PRC - [2009.09.15 10:23:54 | 000,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
PRC - [2009.07.10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2012.06.15 12:26:32 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.10.11 13:18:25 | 000,161,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist Express Customer\309\g2ax_service.exe -- (GoToAssist Express Customer)
SRV - [2011.04.15 12:58:53 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.09.16 11:23:32 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009.09.16 10:15:32 | 000,155,456 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009.09.16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon)
SRV - [2009.09.15 10:23:54 | 000,894,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009.07.08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009.07.08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe -- (McProxy)
SRV - [2009.07.07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.25 18:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008.01.21 07:45:34 | 000,516,096 | ---- | M] (Sabre Inc.) [Disabled | Stopped] -- C:\SABRE\Apps\OADP\Oadp.exe -- (SabrePrint)
SRV - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.10.17 10:38:20 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006.12.10 22:41:14 | 000,843,264 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2001.11.09 13:07:42 | 000,055,296 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\CfgSrvc.exe -- (CfgSrvc)
SRV - [2001.05.29 16:41:44 | 000,106,496 | ---- | M] () [Auto | Stopped] -- C:\Windows\sdman.exe -- (SDMan)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.09.16 10:22:40 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009.09.16 10:22:40 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009.09.16 10:22:40 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009.09.16 10:15:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009.07.16 12:32:26 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2009.05.11 13:49:20 | 000,081,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008.03.04 23:39:22 | 000,060,976 | ---- | M] (Egis Incorporated) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys -- (psdvdisk)
DRV:64bit: - [2008.03.04 23:39:22 | 000,021,040 | ---- | M] (Egis Incorporated) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys -- (PSDNServ)
DRV:64bit: - [2008.03.04 23:39:20 | 000,022,064 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2006.10.04 12:45:16 | 000,015,656 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0809&m=aspire_m3641
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0809&m=aspire_m3641
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0809&m=aspire_m3641
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0809&m=aspire_m3641
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0809&m=aspire_m3641
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/club/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE347DE348
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011.07.28 17:49:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.07.28 17:49:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.07.30 15:28:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.08.24 09:53:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.07.30 15:28:14 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012.09.22 13:47:39 | 000,000,734 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~2\mcafee\VIRUSS~1\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunServices: [Sabre Task Tray Icon] C:\SABRE\Sabstart.exe ()
O4 - Startup: C:\Users\shikha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CRSTrans.exe - Verknüpfung.lnk = C:\jack\CRSTrans.exe (Bewotec GmbH)
O4 - Startup: C:\Users\shikha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O4 - Startup: C:\Users\shikha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oadp.exe (Sabre Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: agentware.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: agentware.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: akamaiedge.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: cibt.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: etraveladisories.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: getthere.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: merlin.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: merlinx2.de ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: midoffice.sabre-merlin.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: mysabremerlin.de ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: onthesnow.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: pathlore.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: portpromotions.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sabre.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sabre.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: sabre.com ([eservices] * in Trusted sites)
O15 - HKCU\..Trusted Domains: sabreconsolidator.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: softvoyage.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: theluggageclub.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: travelpn.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: travisa.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vacationstudio.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vaxvacationaccess.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: virtuallythere.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vtitin.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: wcities.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: wctravel.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: wellwishers.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: whatsonwhen.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: worktopia.com ([]* in Trusted sites)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab (HPDDClientExec Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CA40AB2-C23D-4F2C-8C16-5477E99BC32E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files (x86)\Citrix\GoToAssist Express Customer\309\g2ax_winlogonx64.dll) - C:\Program Files (x86)\Citrix\GoToAssist Express Customer\309\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer03.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer03.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9ce29cbf-f226-11df-acfc-002421803a95}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.22 13:30:53 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.09.22 15:01:49 | 000,030,243 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2012.09.22 15:01:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.22 14:59:40 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.22 14:59:40 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.22 14:59:03 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.22 14:53:07 | 000,048,318 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.09.22 14:53:07 | 000,048,318 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.09.22 13:47:39 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.09.22 13:47:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\lmhosts
[2012.09.22 13:39:34 | 000,000,680 | ---- | M] () -- C:\Users\shikha\AppData\Local\d3d9caps.dat
[2012.09.22 13:39:25 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2012.09.22 13:39:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\lmhosts.bak
[2012.09.22 13:39:11 | 000,000,204 | ---- | M] () -- C:\Users\shikha\sslvpn-config.properties
[2012.09.22 13:31:03 | 000,000,778 | ---- | M] () -- C:\Users\shikha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.09.22 13:30:53 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.09.17 10:25:19 | 000,035,148 | ---- | M] () -- C:\Users\shikha\Desktop\Travel Reservation September 25 for ERLER.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.09.22 13:39:15 | 000,000,680 | ---- | C] () -- C:\Users\shikha\AppData\Local\d3d9caps.dat
[2012.09.22 13:31:03 | 000,000,778 | ---- | C] () -- C:\Users\shikha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.09.22 13:31:02 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.17 10:25:35 | 000,035,148 | ---- | C] () -- C:\Users\shikha\Desktop\Travel Reservation September 25 for ERLER.pdf
[2011.10.11 13:18:08 | 000,110,456 | ---- | C] () -- C:\Users\shikha\g2ax_customer_downloadhelper_win32_x86.exe
[2011.07.30 15:58:13 | 000,197,398 | ---- | C] () -- C:\Windows\hpwins27.dat.temp
[2011.07.30 15:58:13 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat.temp
[2011.07.30 15:21:14 | 000,197,067 | ---- | C] () -- C:\Windows\hpwins27.dat
[2011.04.15 12:58:44 | 000,103,720 | ---- | C] () -- C:\Users\shikha\GoToAssistDownloadHelper.exe
[2011.02.26 11:03:37 | 000,000,049 | ---- | C] () -- C:\Users\shikha\.sabreredworkspace.locator
[2009.10.06 15:58:51 | 000,000,000 | ---- | C] () -- C:\Users\shikha\AppData\Roaming\wklnhst.dat
[2009.10.01 11:35:22 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.09.29 16:15:09 | 000,000,204 | ---- | C] () -- C:\Users\shikha\sslvpn-config.properties
[2009.09.29 15:30:34 | 000,048,318 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.09.29 14:13:24 | 000,048,318 | ---- | C] () -- C:\ProgramData\nvModes.dat

< End of report >

OTL Extras logfile created on: 22.09.2012 15:07:44 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\shikha\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,31 Gb Available Physical Memory | 82,90% Memory free
8,17 Gb Paging File | 7,61 Gb Available in Paging File | 93,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 342,07 Gb Total Space | 249,68 Gb Free Space | 72,99% Space Free | Partition Type: NTFS
Drive D: | 341,92 Gb Total Space | 341,60 Gb Free Space | 99,91% Space Free | Partition Type: NTFS

Computer Name: SHIKHA-PC | User Name: shikha | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = AB AD 56 C9 A0 08 CC 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{124F1E42-D5F3-4716-8F81-A5DFFBA7B23B}" = lport=137 | protocol=17 | dir=in | app=system |
"{14756238-8D81-472D-910B-32ABDD6C0DE2}" = lport=139 | protocol=6 | dir=in | app=system |
"{21386D45-4A23-4575-A5F0-B78925B7C0E8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{27C42362-841B-4F24-8F3F-2CD56AD93FFF}" = lport=138 | protocol=17 | dir=in | app=system |
"{38C8FC7D-0815-41CE-B7E5-41327E7DD9B3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{428C6D8E-6CF6-4E93-AE3B-31995866FA0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{543F406F-FF56-4ED6-B23B-E7DB2E11DF1B}" = rport=138 | protocol=17 | dir=out | app=system |
"{61807C5A-0F02-4F62-9B26-B1051D087DB7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{82372122-EDF9-4D83-A36A-1B6261990158}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{99FDB8D2-BD73-4E2C-8CD1-D345D97F43A7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A2095A2A-7C9A-4040-A401-7E2C01D317F3}" = rport=139 | protocol=6 | dir=out | app=system |
"{A4354733-4B20-482D-A649-BA9736CF8043}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AB98F430-4FB8-4CDE-97D3-2CE06436F6F6}" = rport=137 | protocol=17 | dir=out | app=system |
"{B95AECC2-6332-4540-B7E0-A9C77DEAE784}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BD4603DE-C490-4621-9D70-D26DB6C29D49}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D266FB32-51B7-467B-A50F-CDF077A2B61D}" = rport=445 | protocol=6 | dir=out | app=system |
"{D401E9EB-15F5-4883-A3D4-6E386ADFAABD}" = lport=445 | protocol=6 | dir=in | app=system |
"{D91669A3-9B58-4854-B3E6-F652BC7CDDE8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F628C58C-8045-4296-80F3-F36FA3FB9712}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0030B11B-1A94-43D4-9C10-FCADD84934CD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{038580A3-88B4-4264-8484-6130D3EC1D6C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{07371D38-AFD5-4D36-9399-CA26429B1C34}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{088641C2-EAB6-4E71-ACDC-C49E2AF6F3C0}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{1AA2BE70-AA19-4723-9B7B-ECB5C42B64DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1C9FB18B-967D-430C-B169-14D1D93C58E9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1F0C4EC5-FB68-4D9B-BCFB-4B753EA47A74}" = protocol=6 | dir=in | app=c:\windows\sdman.exe |
"{20A5EC57-B14E-4A59-99D2-871FA0B1B762}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{25040B53-F79A-46E6-A7E0-013D28BDE399}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{25B56B42-F129-4DE2-B175-9C00AA0EA94E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{2979C5E6-0421-43C3-9E0E-0B3DE84040EC}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe |
"{322CC26A-8C5F-4F27-AC9A-76BF517D8C11}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{392B7313-FDA0-4321-8BCE-E13E52FDCC50}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{39D483D7-1C08-4C05-8A8A-069CA0E3B1C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3B5F4F1E-EC07-49F8-B746-5DECA0EE7B6D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{3CC34160-1D35-4393-ACC0-DA62DE6E99CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3F3CC452-D547-4C44-B4BF-239ACE003C7D}" = protocol=6 | dir=out | app=system |
"{48E5B4D5-D4D1-4F82-A642-97650A54D88E}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{4C1AA5E1-6D81-4C92-AA64-F87174165CA3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5333F88A-77DF-4DCE-A29A-F73D802BE100}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{5775B069-4ED6-48E7-BB9A-B21D68584994}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{58B49160-7657-4A60-BC52-AC788D4BEE7C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5931F3FD-82F5-4B3E-BB25-A8FB54E73792}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5BC3D8F4-4EE5-42C6-99FD-01666A29D782}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{6D0EAF13-C417-4E34-914F-AD5C86638B01}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{71725025-0AA5-4AFD-AD83-C67DCB177A71}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7CFC2295-67DC-42E4-B6A6-953213EBE66F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{827FF268-65E2-4789-AF8D-3A82E814FC84}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{86E0281D-9A12-48E3-AE14-41EAC4E604B9}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe |
"{8BE9C94B-8036-4E1A-A3E0-49418BC56593}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{8C3B97AF-4702-4AAB-A069-384DBB6476DC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8C4C6102-4491-473F-8397-E2CD3E631F0E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{93E85E72-4230-4946-9007-7D714F3660FF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{9ECA2C5F-6D6C-4C6E-BEC2-CC7711B2D555}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7CDF499-DC4C-478E-BEE4-825B195CA79E}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe |
"{B0F12B67-9FE6-4F5A-9B14-08E54D2E8C3E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{BEF8BEA9-FFD5-4252-8B01-DC9DAF83E90E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C00224C6-1E0F-4BBD-B491-6F6293600863}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{C1362B54-C771-4BC2-B282-C1DD96DF9033}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C9F02DC1-098F-4E5C-8263-235DBBD416EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CAA1C439-B4DD-4254-BCF1-A230850FA362}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CD77768F-860D-4F1F-8E3A-F87ED73129C7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{CEC4B0BC-00A3-4D79-85E2-7CD4FBB1AFD5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{D0391B6A-6999-4EF3-9F76-A4EA236DC668}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{D3765DF8-DE90-4AE5-8BB2-4D6BA478B212}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{D65BD781-362D-4781-9101-1A5A4B047894}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{D93D8D0E-BA5D-48FF-8F08-57160971BA36}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DC649DC1-89C5-49EA-AE0E-DF7959EF63DA}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{E2C3130B-7C65-40BE-B1EC-4A7C8597C54F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E30BE3C5-008F-4719-8B35-DEE447AB2E9E}" = protocol=17 | dir=in | app=c:\windows\sdman.exe |
"{EBAE139E-7E48-47E0-9F40-B0B2902E9AE5}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{EC528072-DD42-4DE8-A66A-F302796645D0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F0D97130-FC16-4F1F-9426-9E1F639B2E12}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F30DAF35-9212-4C6E-8C5E-08745313C136}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F55248DF-BD0C-43B3-AFD7-563714C7CAF4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F5A5CD4B-CD70-4B8A-9FA3-B557704E7195}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{FCC83786-2CD2-456F-8057-69B2DDD349FF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{086850B3-AFF4-4495-BF3C-69824AD9F92A}C:\program files (x86)\java\jre1.5.0_11\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.5.0_11\bin\javaw.exe |
"TCP Query User{1A0EF2B8-0513-40E9-A595-7A2D732E2122}C:\sabre\apps\oadp\oadputil.exe" = protocol=6 | dir=in | app=c:\sabre\apps\oadp\oadputil.exe |
"TCP Query User{1EEB1E87-9446-44AD-A54B-F67E99CB4304}C:\jack\jackv30.exe" = protocol=6 | dir=in | app=c:\jack\jackv30.exe |
"TCP Query User{5042F2EF-E4E1-4D4C-8458-B3B67E9731D3}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe |
"TCP Query User{59425586-A915-412F-9BB1-9A37AA18A014}C:\program files (x86)\java\jre1.6.0_02\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0_02\bin\javaw.exe |
"TCP Query User{82F49B30-B4BE-42C0-97B9-FC6EE9EB49A8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{B3918A07-2D23-46D5-B74B-CAC2D46FE65E}C:\windows\sabserv.exe" = protocol=6 | dir=in | app=c:\windows\sabserv.exe |
"TCP Query User{CCA7139C-B8EC-41B2-98C9-496CCCD8FE18}C:\sabre\apps\oadp\oadp.exe" = protocol=6 | dir=in | app=c:\sabre\apps\oadp\oadp.exe |
"TCP Query User{F0D85A58-F422-4A95-A548-D263AAA5E981}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{FBFD0F48-1D16-477C-8BDB-41130E0F97E2}C:\users\shikha\appdata\local\sabre red workspace\common\binary\com.sun.java.jre.win32.x86_1.6.0.012\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\shikha\appdata\local\sabre red workspace\common\binary\com.sun.java.jre.win32.x86_1.6.0.012\bin\javaw.exe |
"UDP Query User{0CC0A2FF-6283-47F8-B8EE-7F99B27A1572}C:\program files (x86)\java\jre1.5.0_11\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.5.0_11\bin\javaw.exe |
"UDP Query User{4E3F15B5-557D-4709-A3E6-59D07058E3C7}C:\users\shikha\appdata\local\sabre red workspace\common\binary\com.sun.java.jre.win32.x86_1.6.0.012\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\shikha\appdata\local\sabre red workspace\common\binary\com.sun.java.jre.win32.x86_1.6.0.012\bin\javaw.exe |
"UDP Query User{6F619478-141A-4CC2-9E4F-46F41818A2C4}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{75B44DC8-38E3-426D-9E92-8F4AAF6BBA0F}C:\sabre\apps\oadp\oadputil.exe" = protocol=17 | dir=in | app=c:\sabre\apps\oadp\oadputil.exe |
"UDP Query User{7C01027C-A0D8-432A-9277-36C4A42AD95B}C:\windows\sabserv.exe" = protocol=17 | dir=in | app=c:\windows\sabserv.exe |
"UDP Query User{8E3A86BB-7E6B-444E-8D11-14E84653665D}C:\sabre\apps\oadp\oadp.exe" = protocol=17 | dir=in | app=c:\sabre\apps\oadp\oadp.exe |
"UDP Query User{C7BA8641-0000-4F7A-AA13-AE4F596719B4}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{DC2911AE-F37B-4915-826F-7B853EB60F86}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe |
"UDP Query User{E185A5CF-2C7E-4384-9F9C-F6D6DE750D9E}C:\jack\jackv30.exe" = protocol=17 | dir=in | app=c:\jack\jackv30.exe |
"UDP Query User{EC4A6248-F972-4B31-A27B-98CB28E5E52D}C:\program files (x86)\java\jre1.6.0_02\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0_02\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{21C069F9-8BC5-4A24-9C8B-7D33E5645E09}" = Studie zur Verbesserung von HP Officejet Pro 8500 A910 Produkten
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{52D530AD-5CCA-48dc-B6F0-6D14652B0291}" = AIO_CDA_ToolboxIni64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9B1EF559-C401-4DC2-A456-F0C464F1C7E7}" = NetDeviceManager64
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9EFE7D1F-B20F-4E81-B27C-B3C701702250}" = ATI Catalyst Install Manager
"{C98517B6-DCE9-49B7-B19E-E384178D3986}" = HP Officejet 4500 G510a-f
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{d4b38da2-7396-4b40-95fa-f6340013356d}.sdb" = VPNPatch_
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6A97B74D-7C3B-470A-9545-A2BAEF20CAD6}" = Spider Launcher
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5436728-2DFD-4221-B4D7-F49F740134C9}" = c5100_Help
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.6 - Deutsch
"{ADC7FA12-E165-428a-AF13-4CE686E030AA}" = C5100
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CCleaner" = CCleaner
"GoToAssist" = GoToAssist Corporate
"GoToAssist Express Customer" = GoToAssist Customer 1.6.0.309
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"McAfee Security Scan" = McAfee Security Scan Plus
"MSC" = McAfee SecurityCenter
"MySabre" = MySabre
"Open Systems Client" = Open Systems Client
"Sabre Device Manager" = Sabre Device Manager
"Sabre Print Module" = Sabre Print Module

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sabre VPN" = Sabre VPN

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22.09.2012 08:03:38 | Computer Name = shikha-PC | Source = McLogEvent | ID = 5022
Description = Initialisierung des MCSCAN32-Moduls ist fehlgeschlagen. Das Modul hat
folgenden Fehler ausgegeben: 7

Error - 22.09.2012 08:03:56 | Computer Name = shikha-PC | Source = WinMgmt | ID = 10
Description =

Error - 22.09.2012 08:09:49 | Computer Name = shikha-PC | Source = McLogEvent | ID = 5022
Description = Initialisierung des MCSCAN32-Moduls ist fehlgeschlagen. Das Modul hat
folgenden Fehler ausgegeben: 7

Error - 22.09.2012 08:09:52 | Computer Name = shikha-PC | Source = WinMgmt | ID = 10
Description =

Error - 22.09.2012 08:23:53 | Computer Name = shikha-PC | Source = McLogEvent | ID = 5022
Description = Initialisierung des MCSCAN32-Moduls ist fehlgeschlagen. Das Modul hat
folgenden Fehler ausgegeben: 7

Error - 22.09.2012 08:24:10 | Computer Name = shikha-PC | Source = WinMgmt | ID = 10
Description =

Error - 22.09.2012 08:52:41 | Computer Name = shikha-PC | Source = McLogEvent | ID = 5022
Description = Initialisierung des MCSCAN32-Moduls ist fehlgeschlagen. Das Modul hat
folgenden Fehler ausgegeben: 7

Error - 22.09.2012 08:53:04 | Computer Name = shikha-PC | Source = WinMgmt | ID = 10
Description =

Error - 22.09.2012 09:01:41 | Computer Name = shikha-PC | Source = EventSystem | ID = 4609
Description =

Error - 22.09.2012 09:02:44 | Computer Name = shikha-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 23.07.2010 04:08:41 | Computer Name = shikha-PC | Source = Media Center Guide | ID = 0
Description =

[ System Events ]
Error - 22.09.2012 07:53:59 | Computer Name = shikha-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 22.09.2012 07:53:59 | Computer Name = shikha-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22.09.2012 08:09:42 | Computer Name = shikha-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.34 für die Netzwerkkarte mit der Netzwerkadresse
002421803A95 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 22.09.2012 09:01:34 | Computer Name = shikha-PC | Source = DCOM | ID = 10005
Description =

Error - 22.09.2012 09:01:41 | Computer Name = shikha-PC | Source = DCOM | ID = 10005
Description =

Error - 22.09.2012 09:01:42 | Computer Name = shikha-PC | Source = DCOM | ID = 10005
Description =

Error - 22.09.2012 09:01:44 | Computer Name = shikha-PC | Source = DCOM | ID = 10005
Description =

Error - 22.09.2012 09:01:44 | Computer Name = shikha-PC | Source = DCOM | ID = 10005
Description =

Error - 22.09.2012 09:02:44 | Computer Name = shikha-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 22.09.2012 09:02:44 | Computer Name = shikha-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >

markusg · 22.09.2012, 14:42

hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

ATTFilter

:OTL
O4 - Startup: C:\Users\shikha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
 :Files
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Arno_Berlin · 24.09.2012, 07:22

Hallo,

Vielen, vielen Dank!

Ihr seid Klasse...

Gruss

Arno

Hier der geforderte Text:

All processes killed
========== OTL ==========
C:\Users\shikha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
C:\ProgramData\lsass.exe moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: shikha
->Flash cache emptied: 4390 bytes

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: shikha
->Temp folder emptied: 23204145 bytes
->Temporary Internet Files folder emptied: 119502605 bytes
->Java cache emptied: 799140254 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49359 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 898,00 mb

OTL by OldTimer - Version 3.2.55.0 log created on 09222012_155348

Files\Folders moved on Reboot...
C:\Users\shikha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\shikha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YSKPGKS5\NGHourCount[1].htm moved successfully.
File\Folder C:\Users\shikha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIBG5CIV\&pg=m&pa=31&pp=DE_10625&pn=3B&ag=&tagID=topline&tile=5706258861348321395022&transactionid=5706258861348321395022&theme_bg=l ight[1].htm not found!
File\Folder C:\Users\shikha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIBG5CIV\detail;jsessionid=0A905D992649E577522935234F8B2AEE-n1[1].htm not found!
File\Folder C:\Users\shikha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIBG5CIV\ebde&tagid=top&categorytype=mail3c&region=de&pageview=ng_outer&adsize=728x90&pageview=loggedin&pageview=no_tprof&pg=m&pa=31 &pp=DE_10625&pn=3B&ag=&bd=0&Params[1].htm not found!
C:\Users\shikha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIBG5CIV\showCAHFNG68.htm moved successfully.
C:\Users\shikha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIBG5CIV\showCARZ2S0S.htm moved successfully.
C:\Users\shikha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIBG5CIV\true;jsessionid=0A905D992649E577522935234F8B2AEE-n1[2].htm moved successfully.
C:\Users\shikha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QXKT97P6\trackbar_navigator_web_de[8].htm moved successfully.
File\Folder C:\Users\shikha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3S2H07Y4\creativeproxy_uimserv_net[1].htm not found!
File\Folder C:\Users\shikha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3S2H07Y4\detail&category=mail&pg=m&pa=31&pp=D__10625&categorytype=mail3c&region=de&ag=null&Params[1].htm not found!
C:\Users\shikha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3S2H07Y4\member[1].htm moved successfully.
File\Folder C:\Windows\temp\mcmsc_VN9JC0Zobxfis9I not found!

PendingFileRenameOperations files...
File C:\Users\shikha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\shikha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YSKPGKS5\NGHourCount[1].htm not found!
File C:\Users\shikha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIBG5CIV\&pg=m&pa=31&pp=DE_10625&pn=3B&ag=&tagID=topline&tile=5706258861348321395022&transactionid=5706258861348321395022&theme_bg=l ight[1].htm not found!
File C:\Users\shikha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIBG5CIV\detail;jsessionid=0A905D992649E577522935234F8B2AEE-n1[1].htm not found!
File C:\Users\shikha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIBG5CIV\ebde&tagid=top&categorytype=mail3c&region=de&pageview=ng_outer&adsize=728x90&pageview=loggedin&pageview=no_tprof&pg=m&pa=31 &pp=DE_10625&pn=3B&ag=&bd=0&Params[1].htm not found!
File C:\Users\shikha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIBG5CIV\showCAHFNG68.htm not found!
File C:\Users\shikha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIBG5CIV\showCARZ2S0S.htm not found!
File C:\Users\shikha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIBG5CIV\true;jsessionid=0A905D992649E577522935234F8B2AEE-n1[2].htm not found!
File C:\Users\shikha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QXKT97P6\trackbar_navigator_web_de[8].htm not found!
File C:\Users\shikha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3S2H07Y4\creativeproxy_uimserv_net[1].htm not found!
File C:\Users\shikha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3S2H07Y4\detail&category=mail&pg=m&pa=31&pp=D__10625&categorytype=mail3c&region=de&ag=null&Params[1].htm not found!
File C:\Users\shikha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3S2H07Y4\member[1].htm not found!
File C:\Windows\temp\mcmsc_VN9JC0Zobxfis9I not found!

Registry entries deleted on Reboot...

markusg · 24.09.2012, 11:24

hi

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

GVU Geldforderung - Computerhijacking Forderung nach Ukash zur Freischaltung 100 €

Plagegeister aller Art und deren Bekämpfung: GVU Geldforderung - Computerhijacking Forderung nach Ukash zur Freischaltung 100 €